package fr.novia.zaproxyplugin;

import hudson.EnvVars;
import hudson.Extension;
import hudson.model.AbstractBuild;
import hudson.model.AbstractDescribableImpl;
import hudson.model.BuildListener;
import hudson.model.Descriptor;
import hudson.model.EnvironmentSpecific;
import hudson.model.Node;
import hudson.slaves.NodeSpecific;
import hudson.tools.ToolDescriptor;
import hudson.tools.ToolInstallation;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.BufferedReader;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.tools.ant.BuildException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.zaproxy.clientapi.core.ApiResponse;
import org.zaproxy.clientapi.core.ApiResponseElement;
import org.zaproxy.clientapi.core.ClientApi;
import org.zaproxy.clientapi.core.ClientApiException;

/* loaded from: input_file:fr/novia/zaproxyplugin/ZAProxy.class */
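/**
 * Jenkins describable that starts a ZAP instance, drives it through the ZAP client API
 * (load session, spider, active scan, report export, save session) and shuts it down.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #API_KEY} is a constant compiled into the plugin, so it is public knowledge
 *       rather than a secret. Anything that can reach the ZAP host/port can call the API
 *       with it. NOTE(review): keep ZAP bound to a loopback or otherwise restricted
 *       interface, or make the key configurable per job.</li>
 *   <li>Report and session file names come from the job configuration and are resolved
 *       against the workspace without checking for {@code ..} segments; see
 *       {@link #saveReport} and {@link #executeZAP}.</li>
 * </ul>
 *
 * <p>This source appears to be decompiler output (for example {@link #m0getDescriptor()});
 * names that look odd are kept so existing callers keep linking.
 */
public class ZAProxy extends AbstractDescribableImpl<ZAProxy> {
    /** Fixed API key passed to every state-changing ZAP API call made by this class. */
    private static final String API_KEY = "ZAPROXY-PLUGIN";
    private static final int MILLISECONDS_IN_SECOND = 1000;
    private static final String FILE_POLICY_EXTENSION = ".policy";
    private static final String NAME_POLICIES_DIR_ZAP = "policies";
    public static final String CMD_LINE_DIR = "-dir";
    public static final String CMD_LINE_CONFIG = "-config";
    public static final String CMD_LINE_HOST = "-host";
    public static final String CMD_LINE_PORT = "-port";
    public static final String CMD_LINE_DAEMON = "-daemon";
    private static final String ZAP_PROG_NAME_BAT = "zap.bat";
    private static final String ZAP_PROG_NAME_SH = "zap.sh";
    private static final String REPORT_FORMAT_ALL = "all";
    private static final String REPORT_FORMAT_XML = "xml";
    private static final String REPORT_FORMAT_JSON = "json";
    private static final String REPORT_FORMAT_HTML = "html";
    private String zapProxyHost;
    private int zapProxyPort;
    private ClientApi zapClientAPI;
    private String zapProgram;
    private final boolean autoInstall;
    private final String toolUsed;
    private final String zapHome;
    private final int timeoutInSec;
    private final String filenameLoadSession;
    private final String targetURL;
    private final boolean spiderURL;
    private final boolean scanURL;
    private final boolean saveReports;
    private final String chosenFormat;
    private final String filenameReports;
    private final boolean saveSession;
    private final String filenameSaveSession;
    private final String zapDefaultDir;
    private final String chosenPolicy;
    private final List<ZAPcmdLine> cmdLinesZAP;

    /**
     * Descriptor backing the job configuration form: supplies the list-box contents and the
     * field validation callbacks.
     */
    @Extension
    public static class ZAProxyDescriptorImpl extends Descriptor<ZAProxy> {
        private List<String> formatList = new ArrayList<>();

        /** Registers the supported report formats, then loads persisted descriptor state. */
        public ZAProxyDescriptorImpl() {
            this.formatList.add(ZAProxy.REPORT_FORMAT_XML);
            this.formatList.add(ZAProxy.REPORT_FORMAT_JSON);
            this.formatList.add(ZAProxy.REPORT_FORMAT_HTML);
            this.formatList.add(ZAProxy.REPORT_FORMAT_ALL);
            load();
        }

        /** @return always {@code null}; this descriptor supplies no display name */
        public String getDisplayName() {
            return null;
        }

        /** @return the live (mutable) list of report format names, including "all" */
        public List<String> getFormatList() {
            return this.formatList;
        }

        /**
         * Validates the report file name field.
         *
         * @param filenameReports value of the {@code filenameReports} form field
         * @return an error when empty, a warning when the name carries an extension, else ok
         */
        public FormValidation doCheckFilenameReports(@QueryParameter("filenameReports") String filenameReports) throws IOException, ServletException {
            // A missing query parameter is treated like an empty field instead of raising an NPE.
            if (filenameReports == null || filenameReports.isEmpty()) {
                return FormValidation.error("Field is required");
            }
            if (!FilenameUtils.getExtension(filenameReports).equals("")) {
                return FormValidation.warning("A file extension is not necessary.");
            }
            return FormValidation.ok();
        }

        /**
         * Validates the "save session" file name against the "load session" file name.
         *
         * @param filenameLoadSession value of the {@code filenameLoadSession} form field
         * @param filenameSaveSession value of the {@code filenameSaveSession} form field
         * @return an error when both names are equal, a warning when a session is loaded or
         *     the name carries an extension, else ok
         */
        public FormValidation doCheckFilenameSaveSession(@QueryParameter("filenameLoadSession") String filenameLoadSession, @QueryParameter("filenameSaveSession") String filenameSaveSession) throws IOException, ServletException {
            // Missing query parameters are handled as empty strings so the check cannot NPE.
            String loadName = filenameLoadSession == null ? "" : filenameLoadSession;
            String saveName = filenameSaveSession == null ? "" : filenameSaveSession;
            if (saveName.equals(loadName)) {
                return FormValidation.error("The saved session filename is the same of the loaded session filename.");
            }
            if (!loadName.isEmpty()) {
                return FormValidation.warning("A session is loaded, so it's not necessary to save session");
            }
            if (!FilenameUtils.getExtension(saveName).equals("")) {
                return FormValidation.warning("A file extension is not necessary. A default file extension will be added (.session)");
            }
            return FormValidation.ok();
        }

        /** @return one list-box entry per registered report format */
        public ListBoxModel doFillChosenFormatItems() {
            ListBoxModel items = new ListBoxModel();
            for (String format : this.formatList) {
                items.add(format);
            }
            return items;
        }

        /** @return one list-box entry per tool installation known to Jenkins, by name */
        public ListBoxModel doFillToolUsedItems() {
            ListBoxModel items = new ListBoxModel();
            for (ToolDescriptor<?> descriptor : ToolInstallation.all()) {
                for (ToolInstallation installation : descriptor.getInstallations()) {
                    items.add(installation.getName());
                }
            }
            return items;
        }

        /**
         * Lists the base names of the {@code *.policy} files found in the {@code policies}
         * sub-directory of the given directory.
         *
         * <p>NOTE(review): the directory comes straight from a request parameter and no
         * permission check is visible here, so a caller can probe which
         * {@code <dir>/policies/*.policy} files exist on the machine running this code.
         * Consider requiring job-configure permission before touching the file system.
         *
         * <p>NOTE(review): the parameter has no explicit {@code @QueryParameter} name, so the
         * binding depends on the Java parameter name; {@code str} looks like a decompiler
         * placeholder — confirm against the form field.
         *
         * @param str directory expected to contain a {@code policies} folder
         * @return the policy names, or an empty model when the folder cannot be listed
         */
        public ListBoxModel doFillChosenPolicyItems(@QueryParameter String str) {
            ListBoxModel items = new ListBoxModel();
            File policiesDir = new File(str, ZAProxy.NAME_POLICIES_DIR_ZAP);
            if (!policiesDir.exists()) {
                return items;
            }
            File[] policyFiles = policiesDir.listFiles(new FilenameFilter() {
                @Override // java.io.FilenameFilter
                public boolean accept(File dir, String name) {
                    int dot = name.lastIndexOf('.');
                    return dot > 0 && name.substring(dot).equals(ZAProxy.FILE_POLICY_EXTENSION);
                }
            });
            // listFiles returns null when the path is not a directory or cannot be read.
            if (policyFiles == null) {
                return items;
            }
            for (File policyFile : policyFiles) {
                items.add(FilenameUtils.getBaseName(policyFile.getName()));
            }
            return items;
        }
    }

    /**
     * Creates the configuration from the values bound from the job form.
     *
     * @param autoInstall whether the ZAP location is taken from a Jenkins tool installation
     * @param toolUsed name of the tool installation to use when {@code autoInstall} is set
     * @param zapHome name of the environment variable holding the ZAP directory otherwise
     * @param timeoutInSec seconds to wait for the ZAP proxy port to accept connections
     * @param filenameLoadSession session file to load, relative to the workspace; may be empty
     * @param targetURL URL to spider and scan
     * @param spiderURL whether to spider the target
     * @param scanURL whether to actively scan the target
     * @param saveReports whether to export the alerts
     * @param chosenFormat report format, or "all"
     * @param filenameReports report file name without extension, relative to the workspace
     * @param saveSession whether to save the ZAP session
     * @param filenameSaveSession session file to write, relative to the workspace
     * @param zapDefaultDir directory passed to ZAP with {@code -dir}
     * @param chosenPolicy scan policy name handed to the active scanner
     * @param cmdLinesZAP extra command-line option/value pairs; copied, {@code null} means none
     */
    @DataBoundConstructor
    public ZAProxy(boolean autoInstall, String toolUsed, String zapHome, int timeoutInSec, String filenameLoadSession, String targetURL, boolean spiderURL, boolean scanURL, boolean saveReports, String chosenFormat, String filenameReports, boolean saveSession, String filenameSaveSession, String zapDefaultDir, String chosenPolicy, List<ZAPcmdLine> cmdLinesZAP) {
        this.autoInstall = autoInstall;
        this.toolUsed = toolUsed;
        this.zapHome = zapHome;
        this.timeoutInSec = timeoutInSec;
        this.filenameLoadSession = filenameLoadSession;
        this.targetURL = targetURL;
        this.spiderURL = spiderURL;
        this.scanURL = scanURL;
        this.saveReports = saveReports;
        this.chosenFormat = chosenFormat;
        this.filenameReports = filenameReports;
        this.saveSession = saveSession;
        this.filenameSaveSession = filenameSaveSession;
        this.zapDefaultDir = zapDefaultDir;
        this.chosenPolicy = chosenPolicy;
        this.cmdLinesZAP = cmdLinesZAP != null ? new ArrayList<>(cmdLinesZAP) : Collections.<ZAPcmdLine>emptyList();
    }

    /** @return every configuration value, one {@code name [value]} pair per line */
    public String toString() {
        return "autoInstall [" + this.autoInstall + "]\n"
                + "toolUsed [" + this.toolUsed + "]\n"
                + "zapHome [" + this.zapHome + "]\n"
                + "timeoutInSec [" + this.timeoutInSec + "]\n"
                + "filenameLoadSession [" + this.filenameLoadSession + "]\n"
                + "targetURL [" + this.targetURL + "]\n"
                + "spiderURL [" + this.spiderURL + "]\n"
                + "scanURL [" + this.scanURL + "]\n"
                + "saveReports [" + this.saveReports + "]\n"
                + "chosenFormat [" + this.chosenFormat + "]\n"
                + "filenameReports [" + this.filenameReports + "]\n"
                + "saveSession [" + this.saveSession + "]\n"
                + "filenameSaveSession [" + this.filenameSaveSession + "]\n"
                + "zapDefaultDir [" + this.zapDefaultDir + "]\n"
                + "chosenPolicy [" + this.chosenPolicy + "]\n"
                + "zapProxyHost [" + this.zapProxyHost + "]\n"
                + "zapProxyPort [" + this.zapProxyPort + "]\n";
    }

    /**
     * Returns the descriptor cast to its concrete type.
     *
     * <p>The decompiler renamed this from {@code getDescriptor} (merged with a bridge
     * method); the name is kept so existing references still resolve.
     */
    public ZAProxyDescriptorImpl m0getDescriptor() {
        return (ZAProxyDescriptorImpl) super.getDescriptor();
    }

    public boolean getAutoInstall() {
        return this.autoInstall;
    }

    public String getToolUsed() {
        return this.toolUsed;
    }

    public String getZapHome() {
        return this.zapHome;
    }

    public int getTimeoutInSec() {
        return this.timeoutInSec;
    }

    public String getFilenameLoadSession() {
        return this.filenameLoadSession;
    }

    public String getTargetURL() {
        return this.targetURL;
    }

    public boolean getSpiderURL() {
        return this.spiderURL;
    }

    public boolean getScanURL() {
        return this.scanURL;
    }

    public boolean getSaveReports() {
        return this.saveReports;
    }

    public String getChosenFormat() {
        return this.chosenFormat;
    }

    public String getFilenameReports() {
        return this.filenameReports;
    }

    public boolean getSaveSession() {
        return this.saveSession;
    }

    public String getFilenameSaveSession() {
        return this.filenameSaveSession;
    }

    public String getZapDefaultDir() {
        return this.zapDefaultDir;
    }

    public String getChosenPolicy() {
        return this.chosenPolicy;
    }

    /** Sets the host ZAP listens on; must be called before {@link #startZAP}. */
    public void setZapProxyHost(String zapProxyHost) {
        this.zapProxyHost = zapProxyHost;
    }

    /** Sets the port ZAP listens on; must be called before {@link #startZAP}. */
    public void setZapProxyPort(int zapProxyPort) {
        this.zapProxyPort = zapProxyPort;
    }

    /** @return the extra command-line entries (the internal list, not a copy) */
    public List<ZAPcmdLine> getCmdLinesZAP() {
        return this.cmdLinesZAP;
    }

    /**
     * Resolves the directory that contains the ZAP start script.
     *
     * <p>With {@code autoInstall} the home of the tool installation named {@code toolUsed}
     * is returned, specialised for the build node and environment. Otherwise the value of
     * the build environment variable named by {@code zapHome} is returned.
     *
     * @return the directory, or {@code null} when nothing matches or a lookup fails (the
     *     failure is reported on the build listener)
     */
    private String retrieveZapHomeWithToolInstall(AbstractBuild<?, ?> abstractBuild, BuildListener buildListener) {
        try {
            if (!this.autoInstall) {
                return abstractBuild.getEnvironment(buildListener).get(this.zapHome);
            }
            EnvVars environment = abstractBuild.getEnvironment(buildListener);
            Node builtOn = abstractBuild.getBuiltOn();
            for (ToolDescriptor<?> descriptor : ToolInstallation.all()) {
                for (ToolInstallation candidate : descriptor.getInstallations()) {
                    if (!candidate.getName().equals(this.toolUsed)) {
                        continue;
                    }
                    ToolInstallation installation = candidate;
                    // The explicit casts are needed because the specialisation interfaces
                    // are generic and the concrete tool type is unknown here.
                    if (installation instanceof NodeSpecific) {
                        installation = (ToolInstallation) ((NodeSpecific<?>) installation).forNode(builtOn, buildListener);
                    }
                    if (installation instanceof EnvironmentSpecific) {
                        installation = (ToolInstallation) ((EnvironmentSpecific<?>) installation).forEnvironment(environment);
                    }
                    return installation.getHome();
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            buildListener.error(e.toString());
        }
        return null;
    }

    /**
     * Picks the ZAP start script for the node running the build.
     *
     * @return {@code zap.sh} for Unix-like nodes, {@code zap.bat} otherwise
     */
    private String getZAPProgramName(AbstractBuild<?, ?> abstractBuild) throws IOException, InterruptedException {
        Node builtOn = abstractBuild.getBuiltOn();
        boolean unix;
        if (builtOn.getNodeName().equals("")) {
            // Empty node name: decide from the path separator of the JVM running this code.
            unix = File.pathSeparatorChar == ':';
        } else {
            unix = builtOn.toComputer().getOSDescription().equals("Unix");
        }
        return unix ? ZAP_PROG_NAME_SH : ZAP_PROG_NAME_BAT;
    }

    /**
     * Resolves the ZAP directory and verifies the mandatory settings, echoing each accepted
     * value to the build log.
     *
     * @throws Exception when the ZAP directory, target URL or proxy host is missing, or the
     *     proxy port is negative
     */
    private void checkParams(AbstractBuild<?, ?> abstractBuild, BuildListener buildListener) throws Exception {
        this.zapProgram = retrieveZapHomeWithToolInstall(abstractBuild, buildListener);
        // Null is tested first: the ZAP home is null when no tool or environment variable
        // matches, and calling isEmpty() on it would raise an NPE instead of this message.
        if (this.zapProgram == null || this.zapProgram.isEmpty()) {
            throw new Exception("zapProgram is missing");
        }
        buildListener.getLogger().println("zapProgram = " + this.zapProgram);
        if (this.targetURL == null || this.targetURL.isEmpty()) {
            throw new Exception("targetURL is missing");
        }
        buildListener.getLogger().println("targetURL = " + this.targetURL);
        if (this.zapProxyHost == null || this.zapProxyHost.isEmpty()) {
            throw new Exception("zapProxy Host is missing");
        }
        buildListener.getLogger().println("zapProxyHost = " + this.zapProxyHost);
        if (this.zapProxyPort < 0) {
            throw new Exception("zapProxy Port is less than 0");
        }
        buildListener.getLogger().println("zapProxyPort = " + this.zapProxyPort);
    }

    /**
     * Launches ZAP in daemon mode and blocks until its proxy port accepts a connection.
     *
     * <p>The command is passed to {@link ProcessBuilder} as an argument list, so values are
     * not interpreted by a shell. The extra entries from {@code cmdLinesZAP} are appended
     * unchanged; whoever can edit the job decides which options ZAP is started with.
     *
     * @throws Exception when a mandatory setting is missing or the process cannot be started
     */
    public void startZAP(AbstractBuild<?, ?> abstractBuild, BuildListener buildListener) throws Exception {
        checkParams(abstractBuild, buildListener);
        File zapScript = new File(this.zapProgram, getZAPProgramName(abstractBuild));
        buildListener.getLogger().println("Start ZAProxy [" + zapScript.getAbsolutePath() + "]");
        List<String> command = new ArrayList<>();
        command.add(zapScript.getAbsolutePath());
        command.add(CMD_LINE_DAEMON);
        command.add(CMD_LINE_HOST);
        command.add(this.zapProxyHost);
        command.add(CMD_LINE_PORT);
        command.add(String.valueOf(this.zapProxyPort));
        // Null is tested before the emptiness check so an unset directory cannot NPE.
        if (this.scanURL && this.zapDefaultDir != null && !this.zapDefaultDir.isEmpty()) {
            command.add(CMD_LINE_DIR);
            command.add(this.zapDefaultDir);
        }
        if (!this.cmdLinesZAP.isEmpty()) {
            addZapCmdLine(command);
        }
        ProcessBuilder processBuilder = new ProcessBuilder(command);
        processBuilder.directory(zapScript.getParentFile());
        Process process = processBuilder.start();
        // FluxDisplay is a project class not shown here; it receives the process output
        // streams and the listener — presumably to relay ZAP's output to the build log.
        FluxDisplay stdoutDisplay = new FluxDisplay(process.getInputStream(), buildListener);
        FluxDisplay stderrDisplay = new FluxDisplay(process.getErrorStream(), buildListener);
        new Thread(stdoutDisplay).start();
        new Thread(stderrDisplay).start();
        waitForSuccessfulConnectionToZap(this.timeoutInSec, buildListener);
    }

    /**
     * Appends each configured option and value to the command, skipping null or empty parts.
     *
     * @param list command being assembled; modified in place
     */
    private void addZapCmdLine(List<String> list) {
        for (ZAPcmdLine cmdLine : this.cmdLinesZAP) {
            String option = cmdLine.getCmdLineOption();
            if (option != null && !option.isEmpty()) {
                list.add(option);
            }
            String value = cmdLine.getCmdLineValue();
            if (value != null && !value.isEmpty()) {
                list.add(value);
            }
        }
    }

    /**
     * Polls the ZAP proxy port until a TCP connection succeeds.
     *
     * <p>A refused connection is retried after one second; the connect timeout shrinks with
     * the time already spent so the overall wait stays within {@code i} seconds.
     *
     * @param i overall timeout in seconds
     * @throws BuildException when the timeout elapses or the thread is interrupted
     */
    private void waitForSuccessfulConnectionToZap(int i, BuildListener buildListener) {
        final int timeoutInMs = getMilliseconds(i);
        final int pollingIntervalInMs = getMilliseconds(1);
        final long startTime = System.currentTimeMillis();
        int connectionTimeoutInMs = timeoutInMs;
        boolean connected = false;
        do {
            Socket socket = new Socket();
            try {
                socket.connect(new InetSocketAddress(this.zapProxyHost, this.zapProxyPort), connectionTimeoutInMs);
                connected = true;
            } catch (SocketTimeoutException e) {
                throw new BuildException("Unable to connect to ZAP's proxy after " + i + " seconds.", e);
            } catch (IOException e) {
                try {
                    Thread.sleep(pollingIntervalInMs);
                } catch (InterruptedException interrupted) {
                    // Restore the flag so code further up the stack can see the interruption.
                    Thread.currentThread().interrupt();
                    throw new BuildException("The task was interrupted while sleeping between connection polling.", interrupted);
                }
                long elapsed = System.currentTimeMillis() - startTime;
                if (elapsed >= timeoutInMs) {
                    throw new BuildException("Unable to connect to ZAP's proxy after " + i + " seconds.", e);
                }
                connectionTimeoutInMs = (int) (timeoutInMs - elapsed);
            } finally {
                // Runs on every path, including the failure ones, so no probe socket leaks.
                closeQuietly(socket, buildListener);
            }
        } while (!connected);
    }

    /** Closes a probe socket; a failure to close is logged and otherwise ignored. */
    private static void closeQuietly(Socket socket, BuildListener buildListener) {
        try {
            socket.close();
        } catch (IOException e) {
            buildListener.getLogger().println("Unable to close the connection probe socket: " + e);
        }
    }

    /** Converts seconds to milliseconds. Large values overflow {@code int} silently. */
    private static int getMilliseconds(int i) {
        return i * MILLISECONDS_IN_SECOND;
    }

    /**
     * Downloads the alert list from ZAP in the given format, using ZAP itself as HTTP proxy.
     *
     * <p>NOTE(review): the response is decoded with the platform default charset, as before;
     * confirm the encoding ZAP uses and pin it explicitly if reports contain non-ASCII text.
     *
     * @param str report format, used as a path segment of the ZAP API URL
     * @return the response body with line terminators removed
     * @throws Exception when the request fails
     */
    private String getAllAlerts(String str, BuildListener buildListener) throws Exception {
        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(this.zapProxyHost, this.zapProxyPort));
        URL url = new URL("http://zap/" + str + "/core/view/alerts");
        buildListener.getLogger().println("Open URL: " + url.toString());
        HttpURLConnection connection = (HttpURLConnection) url.openConnection(proxy);
        try {
            connection.connect();
            StringBuilder body = new StringBuilder();
            // try-with-resources closes the reader even when reading fails part-way.
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line);
                }
            }
            return body.toString();
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Writes the alerts in one format to {@code <workspace>/<filenameReports>.<format>}.
     *
     * <p>NOTE(review): {@code filenameReports} comes from the job configuration and is not
     * checked for {@code ..} segments, so the file can land outside the workspace. Consider
     * canonicalising the path and rejecting anything that leaves the workspace directory.
     *
     * @param str report format, also used as the file extension
     * @throws Exception when the alerts cannot be fetched or the file cannot be written
     */
    private void saveReport(String str, BuildListener buildListener, AbstractBuild<?, ?> abstractBuild) throws Exception {
        String alerts = getAllAlerts(str, buildListener);
        File reportFile = new File(abstractBuild.getWorkspace().getRemote(), this.filenameReports + "." + str);
        FileUtils.writeStringToFile(reportFile, alerts);
        buildListener.getLogger().println("File [" + reportFile.getAbsolutePath() + "] saved");
    }

    /**
     * Runs the configured steps against a started ZAP: optional session load, spider, active
     * scan, report export and session save, then prints the alert and message counts.
     *
     * <p>NOTE(review): the session file names are resolved against the workspace without a
     * containment check, as in {@link #saveReport}.
     *
     * @throws Exception when a ZAP API call or a file operation fails
     */
    public void executeZAP(AbstractBuild<?, ?> abstractBuild, BuildListener buildListener) throws Exception {
        this.zapClientAPI = new ClientApi(this.zapProxyHost, this.zapProxyPort);
        if (this.filenameLoadSession == null || this.filenameLoadSession.length() == 0) {
            buildListener.getLogger().println("Skip loadSession");
        } else {
            File sessionToLoad = new File(abstractBuild.getWorkspace().getRemote(), this.filenameLoadSession);
            buildListener.getLogger().println("Load session at [" + sessionToLoad.getAbsolutePath() + "]");
            this.zapClientAPI.core.loadSession(API_KEY, sessionToLoad.getAbsolutePath());
        }
        if (this.spiderURL) {
            buildListener.getLogger().println("Spider the site [" + this.targetURL + "]");
            spiderURL(this.targetURL, buildListener);
        } else {
            buildListener.getLogger().println("Skip spidering the site [" + this.targetURL + "]");
        }
        if (this.scanURL) {
            buildListener.getLogger().println("Scan the site [" + this.targetURL + "]");
            scanURL(this.targetURL, buildListener);
        } else {
            buildListener.getLogger().println("Skip scanning the site [" + this.targetURL + "]");
        }
        if (this.saveReports) {
            if (this.chosenFormat.equalsIgnoreCase(REPORT_FORMAT_ALL)) {
                buildListener.getLogger().println("Generate reports in all formats");
                for (String format : m0getDescriptor().getFormatList()) {
                    // "all" is a selector, not a real format, so it is skipped.
                    if (!format.equals(REPORT_FORMAT_ALL)) {
                        saveReport(format, buildListener, abstractBuild);
                    }
                }
            } else {
                saveReport(this.chosenFormat, buildListener, abstractBuild);
            }
        }
        if (!this.saveSession) {
            buildListener.getLogger().println("Skip saveSession");
        } else if (this.filenameSaveSession != null && !this.filenameSaveSession.isEmpty()) {
            File sessionToSave = new File(abstractBuild.getWorkspace().getRemote(), this.filenameSaveSession);
            buildListener.getLogger().println("Save session to [" + sessionToSave.getAbsolutePath() + "]");
            if (!sessionToSave.getParentFile().exists()) {
                sessionToSave.getParentFile().mkdirs();
            }
            this.zapClientAPI.core.saveSession(API_KEY, sessionToSave.getAbsolutePath(), "true");
        }
        buildListener.getLogger().println("Nb alertes = " + this.zapClientAPI.core.numberOfAlerts("").toString(2));
        buildListener.getLogger().println("Nb msg = " + this.zapClientAPI.core.numberOfMessages("").toString(2));
    }

    /**
     * Reads a ZAP status response as an integer.
     *
     * @throws ClassCastException when the response is not an {@link ApiResponseElement}
     * @throws NumberFormatException when the value is not an integer
     */
    private int statusToInt(ApiResponse apiResponse) {
        return Integer.parseInt(((ApiResponseElement) apiResponse).getValue());
    }

    /**
     * Starts the spider on the URL and polls once per second until the status reaches 100,
     * logging the status and alert count on each pass.
     */
    private void spiderURL(String str, BuildListener buildListener) throws ClientApiException, InterruptedException {
        this.zapClientAPI.spider.scan(API_KEY, str, "");
        while (statusToInt(this.zapClientAPI.spider.status("")) < 100) {
            buildListener.getLogger().println("status spider = " + statusToInt(this.zapClientAPI.spider.status("")));
            buildListener.getLogger().println("Nb alertes = " + this.zapClientAPI.core.numberOfAlerts("").toString(2));
            Thread.sleep(1000L);
        }
    }

    /**
     * Starts the active scan on the URL with the chosen policy and polls every five seconds
     * until the status reaches 100, logging status, alert count and message count.
     *
     * <p>The meaning of the literal {@code "true"}/{@code "false"} and {@code null} arguments
     * is defined by the ZAP client API and is not visible in this file.
     */
    private void scanURL(String str, BuildListener buildListener) throws ClientApiException, InterruptedException {
        this.zapClientAPI.ascan.scan(API_KEY, str, "true", "false", this.chosenPolicy, (String) null, (String) null);
        while (statusToInt(this.zapClientAPI.ascan.status("")) < 100) {
            buildListener.getLogger().println("status scan = " + statusToInt(this.zapClientAPI.ascan.status("")));
            buildListener.getLogger().println("Nb alertes = " + this.zapClientAPI.core.numberOfAlerts("").toString(2));
            buildListener.getLogger().println("Nb msg url = " + this.zapClientAPI.core.numberOfMessages("").toString(2));
            Thread.sleep(5000L);
        }
    }

    /**
     * Asks ZAP to shut down through its API. Does nothing when {@link #executeZAP} never
     * created the client; a failing shutdown call is reported and not rethrown.
     */
    public void stopZAP(BuildListener buildListener) {
        if (this.zapClientAPI == null) {
            buildListener.getLogger().println("No shutdown of ZAP (zapClientAPI==null)");
            return;
        }
        try {
            buildListener.getLogger().println("Shutdown ZAProxy");
            this.zapClientAPI.core.shutdown(API_KEY);
        } catch (Exception e) {
            buildListener.error(e.toString());
            e.printStackTrace();
        }
    }
}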
